Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 524
Alerts This Week
Warning Icon 1 524

Stay Secure with the Latest Linux Advisories

Filter%20icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found 18 articles for you...
202

openSUSE python312 Moderate Risk Fix for 5 Issues 2026-11100-1

An update that solves 5 vulnerabilities can now be installed.. # python312-3.12.13-6.1 on GA media Announcement ID: openSUSE-SU-2026:11100-1 Rating: moderate Cross-References: * CVE-2026-1502 * CVE-2026-3446 * CVE-2026-4786 * CVE-2026-6019 * CVE-2026-6100 CVSS scores: * CVE-2026-1502 ( SUSE ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N * CVE-2026-1502 ( SUSE ): 5.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-3446 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2026-3446 ( SUSE ): 6 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-4786 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L * CVE-2026-4786 ( SUSE ): 7 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-6019 ( SUSE ): 3.8 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N * CVE-2026-6019 ( SUSE ): 2.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-6100 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2026-6100 ( SUSE ): 9.1 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N Affected Products: * openSUSE Tumbleweed An update that solves 5 vulnerabilities can now be installed. ## Description: These are all security issues fixed in the python312-3.12.13-6.1 package on the GA media of openSUSE Tumbleweed. ## Package List: * openSUSE Tumbleweed: * python312 3.12.13-6.1 * python312-32bit 3.12.13-6.1 * python312-curses 3.12.13-6.1 * python312-dbm 3.12.13-6.1 * python312-idle 3.12.13-6.1 * python312-tk 3.12.13-6.1 * python312-x86-64-v3 3.12.13-6.1 ## References: * https://www.suse.com/security/cve/CVE-2026-1502.html * https://www.suse.com/security/cve/CVE-2026-3446.html *https://www.suse.com/security/cve/CVE-2026-4786.html * https://www.suse.com/security/cve/CVE-2026-6019.html * https://www.suse.com/security/cve/CVE-2026-6100.html . An update for openSUSE addresses 5 issues in python312 that could lead to security risks. Immediate installation recommended.. opensuse security update, python312 vulnerabilities, moderate risk issues. . Severity: moderate. LinuxSecurity.com Team

Calendar%202 Jun 25, 2026 moderate OpenSUSE
202

openSUSE python312 Important Command Injection Code Exec Vulner 2055-1

An update that solves four vulnerabilities can now be installed.. # Security update for python312 Announcement ID: SUSE-SU-2026:2055-1 Release Date: 2026-05-25T14:02:53Z Rating: important References: * bsc#1261969 * bsc#1262098 * bsc#1262319 * bsc#1262654 Cross-References: * CVE-2026-1502 * CVE-2026-4786 * CVE-2026-6019 * CVE-2026-6100 CVSS scores: * CVE-2026-1502 ( SUSE ): 5.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-1502 ( SUSE ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N * CVE-2026-1502 ( NVD ): 5.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-4786 ( SUSE ): 7.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-4786 ( SUSE ): 7.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:L * CVE-2026-4786 ( NVD ): 7.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-6019 ( SUSE ): 2.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-6019 ( SUSE ): 3.8 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N * CVE-2026-6019 ( NVD ): 2.1 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-6019 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2026-6100 ( SUSE ): 9.1 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-6100 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H *CVE-2026-6100 ( NVD ): 9.1 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves four vulnerabilities can now be installed. ## Description: This update for python312 fixes the following issues * CVE-2026-1502: HTTP client proxy tunnel headers not validated for CR/LF (bsc#1261969). * CVE-2026-4786: Incomplete mitigation of %action expansion for command injection to webbrowser.open() (bsc#1262319). * CVE-2026-6019: `BaseCookie.js_output()` does not neutralize characters in cookie values embedded in JS (bsc#1262654). * CVE-2026-6100: Arbitrary code execution or information disclosure via use- after-free in decompression modules (bsc#1262098). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-2055=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-2055=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-2055=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * python312-dbm-3.12.13-150600.3.59.1 * libpython3_12-1_0-3.12.13-150600.3.59.1 * python312-testsuite-3.12.13-150600.3.59.1 * libpython3_12-1_0-debuginfo-3.12.13-150600.3.59.1 * python312-tools-3.12.13-150600.3.59.1 * python312-curses-3.12.13-150600.3.59.1 * python312-debuginfo-3.12.13-150600.3.59.1 * python312-testsuite-debuginfo-3.12.13-150600.3.59.1 *python312-debugsource-3.12.13-150600.3.59.1 * python312-devel-3.12.13-150600.3.59.1 * python312-tk-3.12.13-150600.3.59.1 * python312-core-debugsource-3.12.13-150600.3.59.1 * python312-tk-debuginfo-3.12.13-150600.3.59.1 * python312-base-3.12.13-150600.3.59.1 * python312-curses-debuginfo-3.12.13-150600.3.59.1 * python312-doc-3.12.13-150600.3.59.1 * python312-base-debuginfo-3.12.13-150600.3.59.1 * python312-dbm-debuginfo-3.12.13-150600.3.59.1 * python312-idle-3.12.13-150600.3.59.1 * python312-doc-devhelp-3.12.13-150600.3.59.1 * python312-3.12.13-150600.3.59.1 * openSUSE Leap 15.6 (x86_64) * python312-32bit-debuginfo-3.12.13-150600.3.59.1 * python312-32bit-3.12.13-150600.3.59.1 * libpython3_12-1_0-32bit-3.12.13-150600.3.59.1 * libpython3_12-1_0-32bit-debuginfo-3.12.13-150600.3.59.1 * python312-base-32bit-debuginfo-3.12.13-150600.3.59.1 * python312-base-32bit-3.12.13-150600.3.59.1 * openSUSE Leap 15.6 (aarch64_ilp32) * libpython3_12-1_0-64bit-3.12.13-150600.3.59.1 * python312-base-64bit-debuginfo-3.12.13-150600.3.59.1 * python312-64bit-debuginfo-3.12.13-150600.3.59.1 * python312-64bit-3.12.13-150600.3.59.1 * python312-base-64bit-3.12.13-150600.3.59.1 * libpython3_12-1_0-64bit-debuginfo-3.12.13-150600.3.59.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * python312-dbm-3.12.13-150600.3.59.1 * libpython3_12-1_0-3.12.13-150600.3.59.1 * python312-curses-debuginfo-3.12.13-150600.3.59.1 * python312-tk-3.12.13-150600.3.59.1 * python312-base-debuginfo-3.12.13-150600.3.59.1 * python312-dbm-debuginfo-3.12.13-150600.3.59.1 * python312-idle-3.12.13-150600.3.59.1 * python312-curses-3.12.13-150600.3.59.1 * python312-debuginfo-3.12.13-150600.3.59.1 * libpython3_12-1_0-debuginfo-3.12.13-150600.3.59.1 * python312-3.12.13-150600.3.59.1 * python312-tools-3.12.13-150600.3.59.1 * python312-core-debugsource-3.12.13-150600.3.59.1 *python312-debugsource-3.12.13-150600.3.59.1 * python312-tk-debuginfo-3.12.13-150600.3.59.1 * python312-devel-3.12.13-150600.3.59.1 * python312-base-3.12.13-150600.3.59.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * python312-dbm-3.12.13-150600.3.59.1 * libpython3_12-1_0-3.12.13-150600.3.59.1 * python312-tk-3.12.13-150600.3.59.1 * python312-curses-debuginfo-3.12.13-150600.3.59.1 * python312-base-debuginfo-3.12.13-150600.3.59.1 * python312-dbm-debuginfo-3.12.13-150600.3.59.1 * python312-idle-3.12.13-150600.3.59.1 * python312-curses-3.12.13-150600.3.59.1 * python312-debuginfo-3.12.13-150600.3.59.1 * libpython3_12-1_0-debuginfo-3.12.13-150600.3.59.1 * python312-3.12.13-150600.3.59.1 * python312-tools-3.12.13-150600.3.59.1 * python312-core-debugsource-3.12.13-150600.3.59.1 * python312-debugsource-3.12.13-150600.3.59.1 * python312-tk-debuginfo-3.12.13-150600.3.59.1 * python312-devel-3.12.13-150600.3.59.1 * python312-base-3.12.13-150600.3.59.1 ## References: * https://www.suse.com/security/cve/CVE-2026-1502.html * https://www.suse.com/security/cve/CVE-2026-4786.html * https://www.suse.com/security/cve/CVE-2026-6019.html * https://www.suse.com/security/cve/CVE-2026-6100.html * https://bugzilla.suse.com/show_bug.cgi?id=1261969 * https://bugzilla.suse.com/show_bug.cgi?id=1262098 * https://bugzilla.suse.com/show_bug.cgi?id=1262319 * https://bugzilla.suse.com/show_bug.cgi?id=1262654 . This update for python312 addresses multiple issues including code execution and command injection; installation instructions included.. python312 security patch, openSUSE vulnerabilities, SUSE advisory. . Severity: Important. LinuxSecurity.com Team

Calendar%202 May 25, 2026 Important OpenSUSE
100

openSUSE 15.6 Python312 Moderate CVE-2026-3446 Advisory SUSE-SU-2026-1502-1

An update that solves one vulnerability and has one security fix can now be installed.. # Security update for python312 Announcement ID: SUSE-SU-2026:1502-1 Release Date: 2026-04-20T16:17:01Z Rating: moderate References: * bsc#1258364 * bsc#1261970 Cross-References: * CVE-2026-3446 CVSS scores: * CVE-2026-3446 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-3446 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2026-3446 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Affected Products: * openSUSE Leap 15.6 An update that solves one vulnerability and has one security fix can now be installed. ## Description: This update for python312 fixes the following issues: * CVE-2026-3446: Base64 decoding stops at first padded quad by default (bsc#1261970). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-1502=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * python312-3.12.13-150600.3.56.1 * python312-debuginfo-3.12.13-150600.3.56.1 * python312-base-3.12.13-150600.3.56.1 * python312-core-debugsource-3.12.13-150600.3.56.1 * python312-doc-devhelp-3.12.13-150600.3.56.1 * python312-testsuite-3.12.13-150600.3.56.1 * python312-tk-3.12.13-150600.3.56.1 * python312-dbm-debuginfo-3.12.13-150600.3.56.1 * libpython3_12-1_0-debuginfo-3.12.13-150600.3.56.1 * python312-tools-3.12.13-150600.3.56.1 * python312-devel-3.12.13-150600.3.56.1 * python312-base-debuginfo-3.12.13-150600.3.56.1 * python312-tk-debuginfo-3.12.13-150600.3.56.1 * libpython3_12-1_0-3.12.13-150600.3.56.1 *python312-debugsource-3.12.13-150600.3.56.1 * python312-dbm-3.12.13-150600.3.56.1 * python312-testsuite-debuginfo-3.12.13-150600.3.56.1 * python312-curses-3.12.13-150600.3.56.1 * python312-curses-debuginfo-3.12.13-150600.3.56.1 * python312-idle-3.12.13-150600.3.56.1 * python312-doc-3.12.13-150600.3.56.1 * openSUSE Leap 15.6 (x86_64) * libpython3_12-1_0-32bit-3.12.13-150600.3.56.1 * python312-32bit-debuginfo-3.12.13-150600.3.56.1 * python312-base-32bit-3.12.13-150600.3.56.1 * python312-32bit-3.12.13-150600.3.56.1 * python312-base-32bit-debuginfo-3.12.13-150600.3.56.1 * libpython3_12-1_0-32bit-debuginfo-3.12.13-150600.3.56.1 * openSUSE Leap 15.6 (aarch64_ilp32) * python312-base-64bit-debuginfo-3.12.13-150600.3.56.1 * libpython3_12-1_0-64bit-3.12.13-150600.3.56.1 * python312-64bit-3.12.13-150600.3.56.1 * python312-base-64bit-3.12.13-150600.3.56.1 * libpython3_12-1_0-64bit-debuginfo-3.12.13-150600.3.56.1 * python312-64bit-debuginfo-3.12.13-150600.3.56.1 ## References: * https://www.suse.com/security/cve/CVE-2026-3446.html * https://bugzilla.suse.com/show_bug.cgi?id=1258364 * https://bugzilla.suse.com/show_bug.cgi?id=1261970 . SUSE 2026 advisory for python312 tackles a major issue with Base64 decoder and requires user action.. openSUSE security, python312 patch, security advisory SUSE, CVE-2026-3446, python package security. . LinuxSecurity.com Team

Calendar%202 Apr 21, 2026 SuSE
100

openSUSE 15.6 Python312 Important Memory DoS Vuln 2026-1107-1

An update that solves 10 vulnerabilities can now be installed.. # Security update for python312 Announcement ID: SUSE-SU-2026:1107-1 Release Date: 2026-03-27T09:04:10Z Rating: important References: * bsc#1252974 * bsc#1254400 * bsc#1254401 * bsc#1254997 * bsc#1257029 * bsc#1257031 * bsc#1257042 * bsc#1257046 * bsc#1257181 * bsc#1259240 Cross-References: * CVE-2025-11468 * CVE-2025-12084 * CVE-2025-13836 * CVE-2025-13837 * CVE-2025-15282 * CVE-2025-6075 * CVE-2026-0672 * CVE-2026-0865 * CVE-2026-1299 * CVE-2026-2297 CVSS scores: * CVE-2025-11468 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2025-11468 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2025-11468 ( NVD ): 5.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-12084 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-12084 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2025-12084 ( NVD ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-12084 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-13836 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-13836 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-13836 ( NVD ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-13836 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-13837 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-13837 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-13837 ( NVD ): 2.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-13837 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-15282 ( SUSE ): 5.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-15282 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H * CVE-2025-15282 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-6075 ( SUSE ): 1.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-6075 ( SUSE ): 2.5 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L * CVE-2025-6075 ( NVD ): 1.8 CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-6075 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2026-0672 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-0672 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2026-0672 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-0865 ( SUSE ): 5.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-0865 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H * CVE-2026-0865 ( NVD ): 5.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-1299 ( SUSE ): 8.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-1299 ( SUSE ): 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N * CVE-2026-1299 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-2297 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-2297 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2026-2297 ( NVD ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves 10 vulnerabilities can now be installed. ## Description: This update for python312 fixes the following issues: Update to Python 3.12.13: * CVE-2025-6075: quadratic complexity in os.path.expandvars() (bsc#1252974). * CVE-2025-11468: header injection with carefully crafted inputs (bsc#1257029). * CVE-2025-12084: quadratic complexity in xml.minidom node ID cache clearing (bsc#1254997). * CVE-2025-13836: potential memory denial of service in the http.clientmodule (bsc#1254400). * CVE-2025-13837: potential memory denial of service in the plistlib module (bsc#1254401). * CVE-2025-15282: user-controlled data URLs parsed may allow injecting headers (bsc#1257046). * CVE-2026-0672: control characters in http.cookies.Morsel fields and values (bsc#1257031). * CVE-2026-0865: C0 control characters within wsgiref.headers.Headers fields, values, and parameters (bsc#1257042). * CVE-2026-1299: header injection when an email is serialized due to improper newline quoting (bsc#1257181). * CVE-2026-2297: validation bypass via incorrectly handled hook in FileLoader (bsc#1259240). Changelog: \- gh-144125: BytesGenerator will now refuse to serialize (write) headers that are unsafely folded or delimited; see verify_generated_headers. (Contributed by Bas Bloemsaat and Petr Viktorin in gh-121650) (bsc#1257181, CVE-2026-1299). \- gh-143935: Fixed a bug in the folding of comments when flattening an email message using a modern email policy. Comments consisting of a very long sequence of non-foldable characters could trigger a forced line wrap that omitted the required leading space on the continuation line, causing the remainder of the comment to be interpreted as a new header field. This enabled header injection with carefully crafted inputs (bsc#1257029 CVE-2025-11468). \- gh-143925: Reject control characters in data: URL media types (bsc#1257046, CVE-2025-15282). \- gh-143919: Reject control characters in http.cookies.Morsel fields and values (bsc#1257031, CVE-2026-0672). \- gh-143916: Reject C0 control characters within wsgiref.headers.Headers fields, values, and parameters (bsc#1257042, CVE-2026-0865). \- gh-142145: Remove quadratic behavior in xml.minidom node ID cache clearing. In order to do this without breaking existing users, we also add the ownerDocument attribute to xml.dom.minidom elements and attributes created by directly instantiating the Element or Attr class. Note that this way of creating nodes is not supported; creatorfunctions like xml.dom.Document.documentElement() should be used instead (bsc#1254997, CVE-2025-12084). \- gh-137836: Add support of the "plaintext" element, RAWTEXT elements "xmp", "iframe", "noembed" and "noframes", and optionally RAWTEXT element "noscript" in html.parser.HTMLParser. \- gh-136063: email.message: ensure linear complexity for legacy HTTP parameters parsing. Patch by Bndikt Tran. \- gh-136065: Fix quadratic complexity in os.path.expandvars() (bsc#1252974, CVE-2025-6075). \- gh-119451: Fix a potential memory denial of service in the http.client module. When connecting to a malicious server, it could cause an arbitrary amount of memory to be allocated. This could have led to symptoms including a MemoryError, swapping, out of memory (OOM) killed processes or containers, or even system crashes (CVE-2025-13836, bsc#1254400). \- gh-119452: Fix a potential memory denial of service in the http.server module. When a malicious user is connected to the CGI server on Windows, it could cause an arbitrary amount of memory to be allocated. This could have led to symptoms including a MemoryError, swapping, out of memory (OOM) killed processes or containers, or even system crashes. \- gh-119342: Fix a potential memory denial of service in the plistlib module. When reading a Plist file received from untrusted source, it could cause an arbitrary amount of memory to be allocated. This could have led to symptoms including a MemoryError, swapping, out of memory (OOM) killed processes or containers, or even system crashes (bsc#1254401, CVE-2025-13837). \- Library \- gh-144833: Fixed a use-after-free in ssl when SSL_new() returns NULL in newPySSLSocket(). The error was reported via a dangling pointer after the object had already been freed. \- gh-144363: Update bundled libexpat to 2.7.4 \- gh-90949: Add SetAllocTrackerActivationThreshold() and SetAllocTrackerMaximumAmplification() to xmlparser objects to prevent use of disproportional amounts of dynamic memory from within an Expat parser. Patch by Bndikt Tran. ## PatchInstructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-1107=1 openSUSE-SLE-15.6-2026-1107=1 * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1107=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1107=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * python312-testsuite-3.12.13-150600.3.48.1 * libpython3_12-1_0-3.12.13-150600.3.48.1 * python312-dbm-3.12.13-150600.3.48.1 * python312-doc-devhelp-3.12.13-150600.3.48.1 * python312-curses-debuginfo-3.12.13-150600.3.48.1 * python312-base-3.12.13-150600.3.48.1 * python312-idle-3.12.13-150600.3.48.1 * python312-testsuite-debuginfo-3.12.13-150600.3.48.1 * python312-devel-3.12.13-150600.3.48.1 * python312-tools-3.12.13-150600.3.48.1 * python312-doc-3.12.13-150600.3.48.1 * python312-debugsource-3.12.13-150600.3.48.1 * python312-tk-3.12.13-150600.3.48.1 * python312-debuginfo-3.12.13-150600.3.48.1 * python312-dbm-debuginfo-3.12.13-150600.3.48.1 * python312-tk-debuginfo-3.12.13-150600.3.48.1 * python312-curses-3.12.13-150600.3.48.1 * libpython3_12-1_0-debuginfo-3.12.13-150600.3.48.1 * python312-base-debuginfo-3.12.13-150600.3.48.1 * python312-core-debugsource-3.12.13-150600.3.48.1 * python312-3.12.13-150600.3.48.1 * openSUSE Leap 15.6 (x86_64) * python312-32bit-3.12.13-150600.3.48.1 * libpython3_12-1_0-32bit-debuginfo-3.12.13-150600.3.48.1 * python312-base-32bit-debuginfo-3.12.13-150600.3.48.1 * python312-32bit-debuginfo-3.12.13-150600.3.48.1 * libpython3_12-1_0-32bit-3.12.13-150600.3.48.1 * python312-base-32bit-3.12.13-150600.3.48.1 * openSUSE Leap 15.6 (aarch64_ilp32) *python312-base-64bit-debuginfo-3.12.13-150600.3.48.1 * libpython3_12-1_0-64bit-debuginfo-3.12.13-150600.3.48.1 * python312-base-64bit-3.12.13-150600.3.48.1 * libpython3_12-1_0-64bit-3.12.13-150600.3.48.1 * python312-64bit-debuginfo-3.12.13-150600.3.48.1 * python312-64bit-3.12.13-150600.3.48.1 * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * python312-curses-debuginfo-3.12.13-150600.3.48.1 * python312-base-3.12.13-150600.3.48.1 * python312-base-debuginfo-3.12.13-150600.3.48.1 * python312-debugsource-3.12.13-150600.3.48.1 * python312-idle-3.12.13-150600.3.48.1 * python312-tk-3.12.13-150600.3.48.1 * python312-devel-3.12.13-150600.3.48.1 * python312-debuginfo-3.12.13-150600.3.48.1 * python312-dbm-debuginfo-3.12.13-150600.3.48.1 * python312-tk-debuginfo-3.12.13-150600.3.48.1 * python312-tools-3.12.13-150600.3.48.1 * python312-core-debugsource-3.12.13-150600.3.48.1 * libpython3_12-1_0-3.12.13-150600.3.48.1 * python312-curses-3.12.13-150600.3.48.1 * libpython3_12-1_0-debuginfo-3.12.13-150600.3.48.1 * python312-3.12.13-150600.3.48.1 * python312-dbm-3.12.13-150600.3.48.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * python312-curses-debuginfo-3.12.13-150600.3.48.1 * python312-base-3.12.13-150600.3.48.1 * python312-base-debuginfo-3.12.13-150600.3.48.1 * python312-debugsource-3.12.13-150600.3.48.1 * python312-idle-3.12.13-150600.3.48.1 * python312-tk-3.12.13-150600.3.48.1 * python312-devel-3.12.13-150600.3.48.1 * python312-debuginfo-3.12.13-150600.3.48.1 * python312-dbm-debuginfo-3.12.13-150600.3.48.1 * python312-tk-debuginfo-3.12.13-150600.3.48.1 * python312-tools-3.12.13-150600.3.48.1 * python312-core-debugsource-3.12.13-150600.3.48.1 * libpython3_12-1_0-3.12.13-150600.3.48.1 * python312-curses-3.12.13-150600.3.48.1 * libpython3_12-1_0-debuginfo-3.12.13-150600.3.48.1 * python312-3.12.13-150600.3.48.1 *python312-dbm-3.12.13-150600.3.48.1 ## References: * https://www.suse.com/security/cve/CVE-2025-11468.html * https://www.suse.com/security/cve/CVE-2025-12084.html * https://www.suse.com/security/cve/CVE-2025-13836.html * https://www.suse.com/security/cve/CVE-2025-13837.html * https://www.suse.com/security/cve/CVE-2025-15282.html * https://www.suse.com/security/cve/CVE-2025-6075.html * https://www.suse.com/security/cve/CVE-2026-0672.html * https://www.suse.com/security/cve/CVE-2026-0865.html * https://www.suse.com/security/cve/CVE-2026-1299.html * https://www.suse.com/security/cve/CVE-2026-2297.html * https://bugzilla.suse.com/show_bug.cgi?id=1252974 * https://bugzilla.suse.com/show_bug.cgi?id=1254400 * https://bugzilla.suse.com/show_bug.cgi?id=1254401 * https://bugzilla.suse.com/show_bug.cgi?id=1254997 * https://bugzilla.suse.com/show_bug.cgi?id=1257029 * https://bugzilla.suse.com/show_bug.cgi?id=1257031 * https://bugzilla.suse.com/show_bug.cgi?id=1257042 * https://bugzilla.suse.com/show_bug.cgi?id=1257046 * https://bugzilla.suse.com/show_bug.cgi?id=1257181 * https://bugzilla.suse.com/show_bug.cgi?id=1259240 . SUSE released an important python312 update addressing 10 security issues, including memory denial of service vulnerabilities.. SUSE security python312 update important memory denial of service. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Mar 27, 2026 Important SuSE
202

openSUSE Tumbleweed python312 Moderate Security Fix CVE-2026-2297

An update that solves one vulnerability can now be installed.. # python312-3.12.13-2.1 on GA media Announcement ID: openSUSE-SU-2026:10377-1 Rating: moderate Cross-References: * CVE-2026-2297 CVSS scores: * CVE-2026-2297 ( SUSE ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N * CVE-2026-2297 ( SUSE ): 5.7 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N Affected Products: * openSUSE Tumbleweed An update that solves one vulnerability can now be installed. ## Description: These are all security issues fixed in the python312-3.12.13-2.1 package on the GA media of openSUSE Tumbleweed. ## Package List: * openSUSE Tumbleweed: * python312 3.12.13-2.1 * python312-curses 3.12.13-2.1 * python312-dbm 3.12.13-2.1 * python312-idle 3.12.13-2.1 * python312-tk 3.12.13-2.1 * python312-x86-64-v3 3.12.13-2.1 ## References: * https://www.suse.com/security/cve/CVE-2026-2297.html . This update addresses a security issue in openSUSE's Python 3.12.13 package with moderate severity.. openSUSE update, Python security, package vulnerability. . LinuxSecurity.com Team

Calendar%202 Mar 19, 2026 OpenSUSE
100

SUSE python310 Important Security Update Alert - SUSE-SU-2026-0987-2

An update that solves six vulnerabilities can now be installed.. # Security update for python312 Announcement ID: SUSE-SU-2026:0644-1 Release Date: 2026-02-25T16:28:32Z Rating: important References: * bsc#1257029 * bsc#1257031 * bsc#1257041 * bsc#1257042 * bsc#1257044 * bsc#1257046 Cross-References: * CVE-2025-11468 * CVE-2025-15282 * CVE-2025-15366 * CVE-2025-15367 * CVE-2026-0672 * CVE-2026-0865 CVSS scores: * CVE-2025-11468 ( SUSE ): 7.1 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2025-11468 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2025-11468 ( NVD ): 5.7 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:P/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-15282 ( SUSE ): 5.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-15282 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H * CVE-2025-15282 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-15366 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-15366 ( SUSE ): 6.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H * CVE-2025-15366 ( NVD ): 5.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-15367 ( SUSE ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-15367 ( SUSE ): 6.7 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H * CVE-2025-15367 ( NVD ): 5.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X *CVE-2026-0672 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N * CVE-2026-0672 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2026-0672 ( NVD ): 6.0 CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2026-0865 ( SUSE ): 5.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2026-0865 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H * CVE-2026-0865 ( NVD ): 5.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP6 An update that solves six vulnerabilities can now be installed. ## Description: This update for python312 fixes the following issues: * CVE-2025-11468: header injection when folding a long comment in an email header containing exclusively unfoldable characters (bsc#1257029). * CVE-2026-0672: HTTP header injection via user-controlled cookie values and parameters when using http.cookies.Morsel (bsc#1257031). * CVE-2026-0865: user-controlled header containing newlines can allow injecting HTTP headers (bsc#1257042). * CVE-2025-15366: user-controlled command can allow additional commands injected using newlines (bsc#1257044). * CVE-2025-15282: user-controlled data URLs parsed may allow injecting headers (bsc#1257046). * CVE-2025-15367: control characters may allow the injection of additional commands (bsc#1257041). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * SUSE Linux Enterprise Server 15 SP6 LTSS zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-644=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-644=1 * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-644=1 openSUSE-SLE-15.6-2026-644=1 ## Package List: * SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64) * libpython3_12-1_0-debuginfo-3.12.12-150600.3.43.1 * python312-3.12.12-150600.3.43.1 * python312-debuginfo-3.12.12-150600.3.43.1 * python312-curses-debuginfo-3.12.12-150600.3.43.1 * python312-debugsource-3.12.12-150600.3.43.1 * python312-tools-3.12.12-150600.3.43.1 * python312-dbm-debuginfo-3.12.12-150600.3.43.1 * python312-tk-3.12.12-150600.3.43.1 * python312-base-debuginfo-3.12.12-150600.3.43.1 * python312-core-debugsource-3.12.12-150600.3.43.1 * python312-curses-3.12.12-150600.3.43.1 * python312-dbm-3.12.12-150600.3.43.1 * python312-base-3.12.12-150600.3.43.1 * python312-idle-3.12.12-150600.3.43.1 * python312-tk-debuginfo-3.12.12-150600.3.43.1 * libpython3_12-1_0-3.12.12-150600.3.43.1 * python312-devel-3.12.12-150600.3.43.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64) * libpython3_12-1_0-debuginfo-3.12.12-150600.3.43.1 * python312-3.12.12-150600.3.43.1 * python312-debuginfo-3.12.12-150600.3.43.1 * python312-curses-debuginfo-3.12.12-150600.3.43.1 * python312-debugsource-3.12.12-150600.3.43.1 * python312-tools-3.12.12-150600.3.43.1 * python312-dbm-debuginfo-3.12.12-150600.3.43.1 * python312-tk-3.12.12-150600.3.43.1 * python312-base-debuginfo-3.12.12-150600.3.43.1 * python312-core-debugsource-3.12.12-150600.3.43.1 * python312-curses-3.12.12-150600.3.43.1 * python312-dbm-3.12.12-150600.3.43.1 * python312-base-3.12.12-150600.3.43.1 * python312-idle-3.12.12-150600.3.43.1 * python312-tk-debuginfo-3.12.12-150600.3.43.1 *libpython3_12-1_0-3.12.12-150600.3.43.1 * python312-devel-3.12.12-150600.3.43.1 * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * libpython3_12-1_0-debuginfo-3.12.12-150600.3.43.1 * python312-curses-debuginfo-3.12.12-150600.3.43.1 * python312-core-debugsource-3.12.12-150600.3.43.1 * python312-curses-3.12.12-150600.3.43.1 * python312-idle-3.12.12-150600.3.43.1 * python312-tk-debuginfo-3.12.12-150600.3.43.1 * python312-doc-3.12.12-150600.3.43.1 * python312-debugsource-3.12.12-150600.3.43.1 * python312-debuginfo-3.12.12-150600.3.43.1 * python312-dbm-debuginfo-3.12.12-150600.3.43.1 * python312-tk-3.12.12-150600.3.43.1 * python312-testsuite-debuginfo-3.12.12-150600.3.43.1 * python312-base-debuginfo-3.12.12-150600.3.43.1 * libpython3_12-1_0-3.12.12-150600.3.43.1 * python312-testsuite-3.12.12-150600.3.43.1 * python312-3.12.12-150600.3.43.1 * python312-tools-3.12.12-150600.3.43.1 * python312-doc-devhelp-3.12.12-150600.3.43.1 * python312-dbm-3.12.12-150600.3.43.1 * python312-base-3.12.12-150600.3.43.1 * python312-devel-3.12.12-150600.3.43.1 * openSUSE Leap 15.6 (x86_64) * python312-base-32bit-debuginfo-3.12.12-150600.3.43.1 * libpython3_12-1_0-32bit-3.12.12-150600.3.43.1 * python312-32bit-3.12.12-150600.3.43.1 * libpython3_12-1_0-32bit-debuginfo-3.12.12-150600.3.43.1 * python312-base-32bit-3.12.12-150600.3.43.1 * python312-32bit-debuginfo-3.12.12-150600.3.43.1 * openSUSE Leap 15.6 (aarch64_ilp32) * python312-64bit-debuginfo-3.12.12-150600.3.43.1 * libpython3_12-1_0-64bit-3.12.12-150600.3.43.1 * libpython3_12-1_0-64bit-debuginfo-3.12.12-150600.3.43.1 * python312-base-64bit-3.12.12-150600.3.43.1 * python312-64bit-3.12.12-150600.3.43.1 * python312-base-64bit-debuginfo-3.12.12-150600.3.43.1 ## References: * https://www.suse.com/security/cve/CVE-2025-11468.html * https://www.suse.com/security/cve/CVE-2025-15282.html *https://www.suse.com/security/cve/CVE-2025-15366.html * https://www.suse.com/security/cve/CVE-2025-15367.html * https://www.suse.com/security/cve/CVE-2026-0672.html * https://www.suse.com/security/cve/CVE-2026-0865.html * https://bugzilla.suse.com/show_bug.cgi?id=1257029 * https://bugzilla.suse.com/show_bug.cgi?id=1257031 * https://bugzilla.suse.com/show_bug.cgi?id=1257041 * https://bugzilla.suse.com/show_bug.cgi?id=1257042 * https://bugzilla.suse.com/show_bug.cgi?id=1257044 * https://bugzilla.suse.com/show_bug.cgi?id=1257046 . SUSE update addresses important security issues in python312, affecting multiple systems with potential injections.. SUSE python312 security issues important updates header injection. . Severity: Important. LinuxSecurity.com Team

Calendar%202 Feb 26, 2026 Important SuSE
100

openSUSE: python312 Moderate Security Update for DoS 2026:0025-1

An update that solves three vulnerabilities can now be installed.. # Security update for python312 Announcement ID: SUSE-SU-2026:0025-1 Release Date: 2026-01-05T12:11:33Z Rating: moderate References: * bsc#1254400 * bsc#1254401 * bsc#1254997 Cross-References: * CVE-2025-12084 * CVE-2025-13836 * CVE-2025-13837 CVSS scores: * CVE-2025-12084 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-12084 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L * CVE-2025-12084 ( NVD ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-12084 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-13836 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-13836 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H * CVE-2025-13836 ( NVD ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-13836 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H * CVE-2025-13837 ( SUSE ): 2.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X * CVE-2025-13837 ( SUSE ): 4.0 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-13837 ( NVD ): 2.1 CVSS:4.0/AV:L/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:L/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X AffectedProducts: * openSUSE Leap 15.6 An update that solves three vulnerabilities can now be installed. ## Description: This update for python312 fixes the following issues: * CVE-2025-12084: quadratic complexity when building nested elements using `xml.dom.minidom` methods that depend on `_clear_id_cache()` can lead to availability issues when building excessively nested documents (bsc#1254997). * CVE-2025-13836: use of `Content-Length` by default when reading an HTTP response with no read amount specified can lead to OOM issues and DoS when a client deals with a malicious server (bsc#1254400). * CVE-2025-13837: data read by the plistlib module according to the size specified by the file itself can lead to OOM issues and DoS (bsc#1254401). ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.6 zypper in -t patch SUSE-2026-25=1 openSUSE-SLE-15.6-2026-25=1 ## Package List: * openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586) * python312-core-debugsource-3.12.12-150600.3.40.1 * python312-devel-3.12.12-150600.3.40.1 * python312-dbm-debuginfo-3.12.12-150600.3.40.1 * libpython3_12-1_0-debuginfo-3.12.12-150600.3.40.1 * python312-tk-3.12.12-150600.3.40.1 * python312-doc-devhelp-3.12.12-150600.3.40.1 * python312-debuginfo-3.12.12-150600.3.40.1 * python312-base-debuginfo-3.12.12-150600.3.40.1 * python312-debugsource-3.12.12-150600.3.40.1 * python312-testsuite-3.12.12-150600.3.40.1 * python312-testsuite-debuginfo-3.12.12-150600.3.40.1 * python312-tk-debuginfo-3.12.12-150600.3.40.1 * python312-dbm-3.12.12-150600.3.40.1 * python312-doc-3.12.12-150600.3.40.1 * python312-curses-3.12.12-150600.3.40.1 * libpython3_12-1_0-3.12.12-150600.3.40.1 * python312-idle-3.12.12-150600.3.40.1 * python312-base-3.12.12-150600.3.40.1 *python312-3.12.12-150600.3.40.1 * python312-tools-3.12.12-150600.3.40.1 * python312-curses-debuginfo-3.12.12-150600.3.40.1 * openSUSE Leap 15.6 (x86_64) * python312-base-32bit-3.12.12-150600.3.40.1 * python312-base-32bit-debuginfo-3.12.12-150600.3.40.1 * libpython3_12-1_0-32bit-3.12.12-150600.3.40.1 * libpython3_12-1_0-32bit-debuginfo-3.12.12-150600.3.40.1 * python312-32bit-debuginfo-3.12.12-150600.3.40.1 * python312-32bit-3.12.12-150600.3.40.1 * openSUSE Leap 15.6 (aarch64_ilp32) * python312-base-64bit-3.12.12-150600.3.40.1 * libpython3_12-1_0-64bit-debuginfo-3.12.12-150600.3.40.1 * python312-64bit-3.12.12-150600.3.40.1 * python312-64bit-debuginfo-3.12.12-150600.3.40.1 * libpython3_12-1_0-64bit-3.12.12-150600.3.40.1 * python312-base-64bit-debuginfo-3.12.12-150600.3.40.1 ## References: * https://www.suse.com/security/cve/CVE-2025-12084.html * https://www.suse.com/security/cve/CVE-2025-13836.html * https://www.suse.com/security/cve/CVE-2025-13837.html * https://bugzilla.suse.com/show_bug.cgi?id=1254400 * https://bugzilla.suse.com/show_bug.cgi?id=1254401 * https://bugzilla.suse.com/show_bug.cgi?id=1254997 . A moderate security update for python312 resolves multiple vulnerabilities affecting openSUSE systems. Patch now!. python security update, SUSE patch, openSUSE vulnerabilities. . LinuxSecurity.com Team

Calendar%202 Jan 05, 2026 SuSE
202

openSUSE Tumbleweed: Fix for Moderate Security Issues in python312-Django6

An update that solves 70 vulnerabilities can now be installed.. # python312-Django6-6.0-1.1 on GA media Announcement ID: openSUSE-SU-2026:10005-1 Rating: moderate Cross-References: * CVE-2015-3982 * CVE-2015-5145 * CVE-2015-5963 * CVE-2016-7401 * CVE-2017-12794 * CVE-2017-7233 * CVE-2017-7234 * CVE-2018-16984 * CVE-2018-6188 * CVE-2018-7536 * CVE-2018-7537 * CVE-2019-11358 * CVE-2019-12308 * CVE-2019-12781 * CVE-2019-14232 * CVE-2019-19118 * CVE-2019-19844 * CVE-2019-3498 * CVE-2019-6975 * CVE-2020-13254 * CVE-2020-13596 * CVE-2020-24583 * CVE-2020-24584 * CVE-2020-7471 * CVE-2020-9402 * CVE-2021-31542 * CVE-2021-32052 * CVE-2021-33203 * CVE-2021-33571 * CVE-2021-35042 * CVE-2021-45115 * CVE-2021-45452 * CVE-2022-22818 * CVE-2022-23833 * CVE-2022-28346 * CVE-2022-28347 * CVE-2022-34265 * CVE-2022-36359 * CVE-2022-41323 * CVE-2023-23969 * CVE-2023-24580 * CVE-2023-31047 * CVE-2023-36053 * CVE-2023-41164 * CVE-2023-43665 * CVE-2024-24680 * CVE-2024-27351 * CVE-2024-38875 * CVE-2024-39329 * CVE-2024-39330 * CVE-2024-39614 * CVE-2024-41989 * CVE-2024-41990 * CVE-2024-41991 * CVE-2024-42005 * CVE-2024-45230 * CVE-2024-45231 * CVE-2024-53907 * CVE-2024-53908 * CVE-2024-56374 * CVE-2025-13372 * CVE-2025-26699 * CVE-2025-27556 * CVE-2025-32873 * CVE-2025-48432 * CVE-2025-57833 * CVE-2025-59681 * CVE-2025-59682 * CVE-2025-64459 * CVE-2025-64460 CVSS scores: * CVE-2016-7401 ( SUSE ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2018-16984 ( SUSE ): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2018-7537 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2019-12308 ( SUSE ): 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N * CVE-2019-12781 ( SUSE ): 6.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2019-14232 ( SUSE ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2019-19844 ( SUSE ): 6.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2019-3498 ( SUSE ): 4.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N * CVE-2019-6975 ( SUSE ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2020-13596 ( SUSE ): 6.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N * CVE-2020-24583 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2020-24584 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2020-7471 ( SUSE ): 7.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:L * CVE-2020-9402 ( SUSE ): 7.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:L * CVE-2021-31542 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N * CVE-2021-32052 ( SUSE ): 5.4 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N * CVE-2021-33203 ( SUSE ): 4.9 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N * CVE-2021-33571 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2021-45115 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2021-45452 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2022-22818 ( SUSE ): 5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L * CVE-2022-23833 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2022-28346 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2022-28347 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2022-34265 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2022-36359 ( SUSE ): 7.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N * CVE-2023-23969 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-24580 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-31047 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L * CVE-2023-36053 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-41164 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L * CVE-2023-43665 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2024-24680 ( SUSE ): 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-27351 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-38875 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-39329 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2024-39330 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2024-39614 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-41989 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-41990 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-41991 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-42005 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2024-45230 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-45231 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N * CVE-2024-53907 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H * CVE-2024-53908 ( SUSE ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N * CVE-2024-56374 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2024-56374 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N * CVE-2025-13372 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N * CVE-2025-26699 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L * CVE-2025-26699 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N * CVE-2025-27556 ( SUSE ): 5.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L * CVE-2025-32873 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2025-48432 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N * CVE-2025-48432 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:H/SA:N * CVE-2025-57833 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2025-59681 ( SUSE ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H * CVE-2025-59681 ( SUSE ): 9.3CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N * CVE-2025-59682 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N * CVE-2025-59682 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N * CVE-2025-64460 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: * openSUSE Tumbleweed An update that solves 70 vulnerabilities can now be installed. ## Description: These are all security issues fixed in the python312-Django6-6.0-1.1 package on the GA media of openSUSE Tumbleweed. ## Package List: * openSUSE Tumbleweed: * python312-Django6 6.0-1.1 * python313-Django6 6.0-1.1 ## References: * https://www.suse.com/security/cve/CVE-2015-3982.html * https://www.suse.com/security/cve/CVE-2015-5145.html * https://www.suse.com/security/cve/CVE-2015-5963.html * https://www.suse.com/security/cve/CVE-2016-7401.html * https://www.suse.com/security/cve/CVE-2017-12794.html * https://www.suse.com/security/cve/CVE-2017-7233.html * https://www.suse.com/security/cve/CVE-2017-7234.html * https://www.suse.com/security/cve/CVE-2018-16984.html * https://www.suse.com/security/cve/CVE-2018-6188.html * https://www.suse.com/security/cve/CVE-2018-7536.html * https://www.suse.com/security/cve/CVE-2018-7537.html * https://www.suse.com/security/cve/CVE-2019-11358.html * https://www.suse.com/security/cve/CVE-2019-12308.html * https://www.suse.com/security/cve/CVE-2019-12781.html * https://www.suse.com/security/cve/CVE-2019-14232.html * https://www.suse.com/security/cve/CVE-2019-19118.html * https://www.suse.com/security/cve/CVE-2019-19844.html * https://www.suse.com/security/cve/CVE-2019-3498.html * https://www.suse.com/security/cve/CVE-2019-6975.html * https://www.suse.com/security/cve/CVE-2020-13254.html * https://www.suse.com/security/cve/CVE-2020-13596.html * https://www.suse.com/security/cve/CVE-2020-24583.html * https://www.suse.com/security/cve/CVE-2020-24584.html *https://www.suse.com/security/cve/CVE-2020-7471.html * https://www.suse.com/security/cve/CVE-2020-9402.html * https://www.suse.com/security/cve/CVE-2021-31542.html * https://www.suse.com/security/cve/CVE-2021-32052.html * https://www.suse.com/security/cve/CVE-2021-33203.html * https://www.suse.com/security/cve/CVE-2021-33571.html * https://www.suse.com/security/cve/CVE-2021-35042.html * https://www.suse.com/security/cve/CVE-2021-45115.html * https://www.suse.com/security/cve/CVE-2021-45452.html * https://www.suse.com/security/cve/CVE-2022-22818.html * https://www.suse.com/security/cve/CVE-2022-23833.html * https://www.suse.com/security/cve/CVE-2022-28346.html * https://www.suse.com/security/cve/CVE-2022-28347.html * https://www.suse.com/security/cve/CVE-2022-34265.html * https://www.suse.com/security/cve/CVE-2022-36359.html * https://www.suse.com/security/cve/CVE-2022-41323.html * https://www.suse.com/security/cve/CVE-2023-23969.html * https://www.suse.com/security/cve/CVE-2023-24580.html * https://www.suse.com/security/cve/CVE-2023-31047.html * https://www.suse.com/security/cve/CVE-2023-36053.html * https://www.suse.com/security/cve/CVE-2023-41164.html * https://www.suse.com/security/cve/CVE-2023-43665.html * https://www.suse.com/security/cve/CVE-2024-24680.html * https://www.suse.com/security/cve/CVE-2024-27351.html * https://www.suse.com/security/cve/CVE-2024-38875.html * https://www.suse.com/security/cve/CVE-2024-39329.html * https://www.suse.com/security/cve/CVE-2024-39330.html * https://www.suse.com/security/cve/CVE-2024-39614.html * https://www.suse.com/security/cve/CVE-2024-41989.html * https://www.suse.com/security/cve/CVE-2024-41990.html * https://www.suse.com/security/cve/CVE-2024-41991.html * https://www.suse.com/security/cve/CVE-2024-42005.html * https://www.suse.com/security/cve/CVE-2024-45230.html * https://www.suse.com/security/cve/CVE-2024-45231.html * https://www.suse.com/security/cve/CVE-2024-53907.html *https://www.suse.com/security/cve/CVE-2024-53908.html * https://www.suse.com/security/cve/CVE-2024-56374.html * https://www.suse.com/security/cve/CVE-2025-13372.html * https://www.suse.com/security/cve/CVE-2025-26699.html * https://www.suse.com/security/cve/CVE-2025-27556.html * https://www.suse.com/security/cve/CVE-2025-32873.html * https://www.suse.com/security/cve/CVE-2025-48432.html * https://www.suse.com/security/cve/CVE-2025-57833.html * https://www.suse.com/security/cve/CVE-2025-59681.html * https://www.suse.com/security/cve/CVE-2025-59682.html * https://www.suse.com/security/cve/CVE-2025-64459.html * https://www.suse.com/security/cve/CVE-2025-64460.html . Update for openSUSE provides critical fixes addressing 70 security issues related to Django package vulnerabilities.. openSUSE security updates,Django vulnerabilities,python312 security patch. . LinuxSecurity.com Team

Calendar%202 Jan 04, 2026 OpenSUSE
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200